Pages

Thursday, February 03, 2011

Google Ups The Ante At Pwn2Own 2011 Offers $20k For Chrome Hack

Google reportedly raised the stakes for this years Pwn2Own hacking contest, offering up an additional $20,000 for anyone that successfully hacks into Google Chrome.

Organized by the Zero Day Initiative (ZDI) team at security researchers TippingPoint, the 5th annual Pwn2Own 2011 contest pits security teams against some of your favors operating systems equipped with the webs best browsers as well as some of our favorite smartphones. This year the contest will offer up to $125,000 in prizes ($105k plus Google's bonus) for the teams that find and exploit security holes in Internet Explorer, Safari and Firefox, as well as in Windows Phone 7, iOS, Blackberry 6 and Android.

To walk off with Google's $20,000 the researchers must find and exploit two vulnerabilities in Google's code and successfully break out of the browser's protective sandbox on Pwn2Own's first day. Only on the second and third days of the contest can researchers employ a non-Chrome bug, say one in Windows, to break out of the sandbox. A successful attack on the second and third days will still put $20,000 in the researcher's pocket, but only $10,000 of that will come from Google; TippingPoint will pony up the other $10,000.

Charlie Miller, the only researcher to have won Pwn2Own prizes three consecutive years, wouldn't commit last week to trying again, but on Wednesday he noticed the $20,000 for Chrome.

"Pwn2own now offering 20k for attack on Chrome," said Miller on Twitter. "Must be hard, glad Mac OS X doesn't sandbox their browser."

It would be great to see if Miller has anything up his sleeve for Chrome and the additional bounty might just be whats needed to entice him to enter again this year.

The contest will be taking place on the 9th, 10th, and 11th of March, 2011 in Vancouver, BC during the CanSecWest conference. This blog post will be updated as the contest plays out, but for real-time updates you can follow either @thezdi or @aaronportnoy on twitter or search for the hashtag #pwn2own.